
TLS secure connection to an LDAP server



Hi there,

I am trying to secure connections to my ldap server by using TLS.
I created a certificate for my server. The certificate verification was OK (openssl verify -CAfile /path/to/ca.pem /path/to/my_ldap_srv_certificate).
On my slapd.conf file I set TLSCACertificateFile, TLSCertificate and TLSCertificateKeyFile paths.
I ran my server on the two default ports 389 (ldap) and 636 (ldaps) using this command: 'slapd -d127 -h "ldap:/// ldaps:///"'.
Once checking the SSL connection (by running the command: 'openssl s_client -connect localhost:636 -showcerts -state -CAfile /path/to/ca.pem'), I get the following output:
  
  CONNECTED(00000003)
  SSL_connect:before/connect initialization
  SSL_connect:SSLv2/v3 write client hello A
  SSL3 alert read:fatal:handshake failure
  SSL_connect:error in SSLv2/v3 read server hello A
  2338:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:470:

My server's debug output shows:

  TLS trace: SSL3 alert write:fatal:handshake failure
  TLS trace: SSL_accept:error in SSLv3 read client hello B
  TLS trace: SSL_accept:error in SSLv3 read client hello B
  TLS: can't accept.
  TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:882
  connection_read(8): TLS accept error error=-1 id=0, closing
  connection_closing: readying conn=0 sd=8 for close
  connection_close: conn=0 sd=8
  daemon: removing 8
  daemon: select: listen=6 active_threads=0 tvp=NULL
  daemon: select: listen=7 active_threads=0 tvp=NULL
  daemon: activity on 1 descriptors
  daemon: select: listen=6 active_threads=0 tvp=NULL
  daemon: select: listen=7 active_threads=0 tvp=NULL


I can't guess what could be the error. Do you please have any suggestion?

I am using OpenSSH_3.5p1 with OpenLDAP 2.1.22 on a Red Hat box.

Thank you in advance!

